2

(If this is a duplicate post, please point me to the original or tell me what to search for. I could not find anything. Thank you!)

So, I have an encrypted value saved in a database row. I want to retrieve the column values for the database row and store them in a class instance. Is it safe to create a public property on the class for the DECRYPTED value?

// One row loaded from the database
public class DataRow
{
    public string DataElement { get; set; }
    // Decrypted value held as an ordinary managed string
    public string Value_Decrypted { get; set; }
}

Can an external process somehow access the public property? Do I need to use SecureString (or something else) to protect against memory hacks? Does .NET's DataProtection help with any of this?

Is there a practical guide/walkthrough somewhere for how to handle this (hopefully without too much coding overhead)?

These feel like pretty basic questions (ashamed), and I have heard talk about these concerns, but in my searching I could not find anything. Wasn't sure what to search for (other than what's in the Title of this post).

As always, any direction will be greatly appreciated.

Thank you!


EDIT:

Thank you everyone for the responses. Password was a BAD example--I understand it is ill advised and usually unnecessary to decrypt a password. I guess my question is more general, relative to how to handle data that does need to be decrypted. I have updated my example to reference an encrypted/decrypted value instead of a password.

I am writing a generic monitor program and need to save access values, paths and commands in a database. I feel it's best to encrypt these values in an effort to minimize exposure of our infrastructure, etc.

The consensus seems to be that saving the decrypted value in any form, property or otherwise, is a bad idea.

I am now thinking that I will store only the encrypted value and then decrypt it, using a SecureString, every time I need it.

Thank you all again!!

jweekes
  • 3
    It highly depends on how you plan on using the decrypted password once you have it. Can you explain more (by editing the question) what you are going to do with the `User` class once you have it? – Scott Chamberlain May 27 '14 at 22:10
  • 2
    If you must store the password in such a way it can be decrypted for later use, at least use the SecureString class for storing it in memory. http://msdn.microsoft.com/en-us/library/system.security.securestring(v=vs.110).aspx. – whoisj May 27 '14 at 23:13
  • 1
    The access control provides no security as someone can use reflection to read private fields also. – John Alexiou May 27 '14 at 23:13
  • Anyone that does a memory dump will read the passwords free and clear. – John Alexiou May 27 '14 at 23:15

3 Answers

2

Usually password decryption is not necessary. If you let users pick their own passwords it is even unethical.

Having said that: You should use a one way encryption. Otherwise a SecureString. Consider all public and private members unsafe in this context.

For the one way encryption, some basics: Encrypt password. Store it in database. If you want to check the password, encrypt the inputted data and check if it matches the encrypted value in the database. The encryption is usually seeded with a random salt value.

Check this link for encryption with salt: https://stackoverflow.com/a/2138588/2416958

Stefan
1

The best practice is that you use a One Way encryption method to scramble the password. This prevents the original data from being exposed to any third party and can be only verified by the owner of the password.

No matter what modifier you use for your password field (private, protected), that value can still be stolen.

JAX
0

Just like Stefan says, it's never a good idea to decrypt the password and store the decrypted version anywhere for any period of time. It's unsafe and at times unethical. You shouldn't even be able to decrypt your users' passwords. Once the user keys in their password, that should be the last time said password is seen in its decrypted form. You don't want the encrypted password to be sent back from the server across the network either, as an attacker may find a pattern and find out your encryption method, which is again not desirable. That's why whenever a user tries to log in, you get their attempt and encrypt it internally and check it against the encrypted version.

Public/Private access modifiers to a class's fields were never intended for security purposes. They are there for encapsulation and data hiding for design purposes (as an example, a private field can always be accessed through reflection).

Farhad Alizadeh Noori